It’s not just Yelp’s main page, either. The bug bounty program also covers business owner’s websites, apps, reservations, the engineering and company blogs, support center and Yelp’s API. The only exclusion is Eat24, Yelp’s food delivery service (likely because it stores a ton of credit card info).

Yelp also promises to work with hackers:

The security team at Yelp is all about keeping our users, our data, our employees, and our sites safe and sound. We are committed to working with security experts from all over the world to stay up-to-date with the latest security techniques. If you have found a security issue and you think we should know about it, we are ready to work with you. Let us know about it and we will make every effort to fix the issue.

To help hackers get started, Yelp has also mapped its bug bounty program, highlighting key points that may be vulnerable.

What might be most surprising is that while Yelp has its own crew dedicated to finding and fixing bugs, it hasn’t had a public bug bounty program until now. For a ubiquitous service like Yelp, it seems this is something that should have happened years ago.